Can write, can't read from SSLSocket. No trusted certificate found
Hello!
We have to use an ssl connection to talk to another application. The exception is generated when trying to read from the socket. Creation and writing don't generate any errors and I can't verify if the other server actually gets what I'm writing.
I used these commands to create the private key and the certificate
openssl genrsa -des3 -out priv.pem -passout pass:myPassword 1024
openssl req -x509 -new -key priv.pem -passin pass:myPassword -days 3650 -out cert.cerI have imported the cert.cer into the java/jre/lib/security/cacerts keystore. The CN value in the cert.cer is the one I got from the hostname command.
I still get the error:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate foundJust before reading from the socket I print in the log file the sockets properties:
is input shut down? false
is output shut down? false
is bound? true
is closed? false
is connected? trueAm I suppose to do somethin with the priv.pem? Where does that one go? Isn't the cert.cer enough?
I don't know what else to do and how to check anything else. Any ideas would be greatly appreciated.
Thank you very much,
Iulia S.
Hi again,
I am at wits' end in here and I hate it when I move in the unstable grounds of not knowing stuff. I am still getting the error.
I managed to get the certificate from the other application, it's not self-signed it's issued by Thawte. Apparently you can also get it with FF3 from the cute little lock next to the address bar. Am I talking about the same certificate? Then I did this to import it:
./keytool -import -alias bristow -file /location/to/THEcertificate -keystore /location/to/java/jre/lib/security/cacertsAnd I did restart the server. Several times. Several several times.
Some details about the application: it's a servlet running on a websphere 6.1 server. I noticed that this error is from sun.security.validator.ValidatorException while mine is from:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate foundI can understand they are different packages but shouldn't they implement the same standard protocol? btw there are no com.sun.* classes imported.
Am I not creating the SSLSocket right?
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket s = (SSLSocket) sslsocketfactory.createSocket("secureSite.com", portNo);The string that defines the hostname, it's just the name, no protocol or anything else, right? I just need someone to confirm it. I've already tried all the other posibilities and they don't work.
It all crashes at the readLine:
BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
String input = "";
while((input = in.readLine()) != null)I ran the php script they gave us as an example, on a different server, and it worked just fine. No certificates needed.
I've tried reading characters instead of line, just in case this error would be absurdly linked with the no-end-of-line. Same error.
I'm trying to poke the server with a stick see if I can get a response. I run this from my local machine:
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.Date;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class EchoClient
public static void main(String[] arstring)
try
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("hostname", 99999);
sslsocket.setEnabledCipherSuites(sslsocket.getSupportedCipherSuites());
StringBuffer data = new StringBuffer();
dataDeTrimis.append("DATA1=").append(URLEncoder.encode("DATA1","UTF-8"))
.append("&DATA2=").append(URLEncoder.encode("DATA2", "UTF-8"));
String includeHeader = "POST /script/location/script.php HTTP/1.1\r\n" + "Content-Length: " + data.length() + "\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "\r\n" + data;
BufferedReader in = new BufferedReader(new InputStreamReader(sslsocket.getInputStream()));
PrintWriter outs = new PrintWriter(sslsocket.getOutputStream(), true);
outs.print(includeHeader);
String input = "";
System.out.println("is input shut down: "+sslsocket.isInputShutdown()+" is output shut down? "+sslsocket.isOutputShutdown()+" is bound? "+sslsocket.isBound()+" is closed? "+sslsocket.isClosed()+" is connected? "+sslsocket.isConnected());
System.out.println("server: "+in.read());
while((input=in.readLine())!=null)
System.out.println("SERVER REPLIED : " + input + "\n");
sslsocket.close();
catch(Exception exception)
exception.printStackTrace();
}The answer is:
is input shut down: false is output shut down? false is bound? true is closed? false is connected? true
server: -1Shouldn't I get something even a little bit more significant then just NO answer? sigh
If I were to explicitly load the keystore will that get me anywhere? I am out of ideas. Anything to point somewhere would be great.
Thank you very much,
Iulia S.
Similar Messages
-
Blinoz - Write to and read from memory address
How do I write to or read from a specific memory address such as Hex 378?
I may be wrong here but I think this cant be done in pure java.. The solution would be to use jni as you can do this sort of thing with c++....
-
How can I keep Adobe Reader from closing 30 secs after I open it? Windows Vista
My Adobe Reader closes after 30 seconds or so of being opened. I've been making changes to some of my windows settings in an effort to reduce risk of viruses and malware, etc. I don't know why it affected the time Adobe is allowed to stay open and so don't know how to fix the problem. How can I fix this?
Three things to try:
Using Windows Explorer navigate to C:\Program Files (x86)\Adobe\Reader 11.0\Reader, then double-click on Eula.exe and accept the license agreement
Can you open Adobe Reader by itself? If so, try disabling Protected Mode [Edit | Preferences | Security (Enhanced)].
It could even be a malware issue; see http://helpx.adobe.com/acrobat/kb/reader-core-dll-error.html -
How can I get sigalg attribute from a given X509 certificate
Hi,
I am verifying my client's digigital signature like this
String sigalg = "SHA1WithRSA";
Signature sig = Signature.getInstance(sigalg);
sig.initVerify(pubKey);
sig.update(sEnvelope.getBody().toString().getBytes());
return sig.verify(Base64.decode(sigValue));
while getting signature instance, rightnow I am hardcoding that to "SHA!withRSA", because I know that client is comming with that signatureAlgorithm, If another client comes with another alogorithm say "MD5withRSA", it is going to be failed. how can I change that sigAlg variable dynamically, based on different signature ?? what I have from the client is certificate file. how can I get signature algorithm from the certificate or from publicKey object ??
Thanx, VenuCheck the following methods in X509Certificate:
getSigAlgName
getSigAlgOID -
How can i Use SERVLET with RMI to avoid trust certificate
I know that for begining RMI, you must launch the server and the client.
for the server i use :
java -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.keyStorePassword=server TestServer
for the client I use :
java -Djavax.net.ssl.trustStore=client.keystore -Djavax.net.ssl.keyStore=client.keystore -Djavax.net.ssl.keyStorePassword=client TestClient
and all work fine.
but i want to use a servlet for rmi client and i wrote this:
public class AppelServlet extends HttpServlet
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
try
System.out.println("Registering secure RMI socket factory ...");
java.rmi.server.RMISocketFactory.setSocketFactory(new SecureRMISocketFactory());
TestRemote test = (TestRemote) Naming.lookup("rmi://127.0.0.1:7123/TestClient");
String reponse=test.toLowerCase("HELLO WORLD");
System.out.println("la reponse est : "+reponse);
catch (Exception e)
System.out.println("test client exception: " +e);
PrintWriter out = response.getWriter();
response.setContentType("text/html");
and i have the following error on tomcat:
Registering secure RMI socket factory ...
test client exception: java.rmi.ConnectIOException: error during JRMP connection
establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
i think i must precise how to indicate the truststore like in the first case.
help me please.
hamdiHi,
Try doing the following steps.
Assuming you have a certificate obtained
Export the certificate into a .cer file.
On IE, goto tools->internet options->content->certificates, and export to a .cer file.
Using keytool of java import the certificate to the store that can be used doing the following command.
keytool -import -alias <ailas> -file < .cer filename> -keystore <storename here>
set the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties at the command prompt using the command below.
java -Djavax.net.ssl.trustStore=<storename> -Djavax.net.ssl.trustStorePassword=<password> <classname>
Let me know if this helped.
Also take a look at this link for using RMI with SSL
http://java.sun.com/products/jdk/1.2/docs/guide/rmi/SSLInfo.html
Regards,
Roopasri Vittal
Developer Technical Support
Sun Microsystems
http://sun.com/developers/support -
How can i write to or read from the digital I/O of the SPIDER8 with DIADEM?
We have the problem that we haven't found out yet how to activate the digital I/O of the HBM SPIDER8 hardware with DIADEM 6.0.
The digital input is supported since DIAdem 3.02 the output since DIAdem 7.0.
Maybe that the problem is the following:
- Analog input will be measured on channel 0 up to 7
- Digital input will be measured on channel 8 as word
So if you would like to measure bit 3 you must add a
F(x)-block with this function getb(d,3).
I hope this will help you.
Greetings
Walter -
How can I call Adobe Reader from inside my Application and prevent operator to access Open/save opt
Can Anyone help to find a way?
http://answers.acrobatusers.com/How-call-Adobe-Reader-inside-application-avoid-operator-op en-save-doc-q13487.aspx
From inside my application that run on an Automation PC, under Windows O.S, I want to call Adobe Reader using a shell command to open up an PDF Document containing some informations.
Shell command like these
"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe" /A "<options>" "C:\mydoc.pdf"
or
cmd /c "C:\mydoc.pdf"
Operator is using a touchscreen.
I want to prevent user to access any option that can give him acces to filesystem (Open/save/save as).
I want also to prevent any change/add information to PDF document
Thank you in advance for the time you will spend for me.You can use the Installation Tuner for Reader to customize the UI elements provided to the user. Details on the Adobe web site.
-
How can I stop Adobe Reader from reading (seeking) the floppy drive when opening/closing any PDF?
Ever since I opened a PDF file from my floppy drive Adobe Reader insists on checking/seeking/reading the floppy drive whenever I open and whenever I close any PDF (not using the floppy). It is very annoying, as I use many PDFs per day and it creates a delay and noise every time.
Edit>Preferences
Under Page Display:
Where it says "Location of referenced files", if it shows "Floppy Disk A:/" clear the box, or choose an alternate location if you can't clear it.
Also, under Search:
Click "Purge Cache Contents" -
How can I stop Adobe Reader from opening after start up?
I just installed version 9. I remember a question that appeared during installation that was something like "do you want Adobe Reader to open after start up?" I said checked yes because I assumed this meant I wanted it in my StartUp menu. After everything loads and my desktop comes up, the Adobe Reader file opens up showing all the program's files and just sits there. I have to close it each time after start up.
I looked through Preferences, but can't find a way of stopping the program's file window from opening after start up. How can I stop this? Thanks for your help.Edit>Preferences
Under Page Display:
Where it says "Location of referenced files", if it shows "Floppy Disk A:/" clear the box, or choose an alternate location if you can't clear it.
Also, under Search:
Click "Purge Cache Contents" -
Can't delete Adobe Reader from Dock
Sure, "removing items from the Dock is simplicity itself." Only it won't work with Adobe Reader, which I don't use anymore. I can't get rid of it. What's the trick?
Select any Dock icon and quickly drag it out of the Dock. It should poof away. Be sure the application itself is not running and that the option to Keep in Dock is not enabled.
-
How can I disable Adobe reader from prefetching PDF file
Hello
I have ADOBE xi 11 INSTALLED
I do not want Adobe to prefetch PDF file When I point to the file.
As a result of a problem in my PC prefetching many time results in an error
message.
CAN SOME ONE HELP
MANY THANKS
ARIELCan you explain what prefetching means to you? And pointing? And maybe a screenshot of the error message?
-
How can you disable Adobe Reader from opening a file right after you save it as a pdf?
Hi,
I often save word files as pdf files and right after I save them as pdfs it opens the file in adobe reader. How can I disable this?
ThanksAhh, but that's the design function of any PDF viewer add-on to a browser.
To avoid -- Use the browser feature that saves a file to the local machine.
Then open the file with the appropriate application.
If your machine/device does not support this then you'd want to change to one that supports what you want eh.
Be well... -
How can I stop Acrobat Reader from popping up every time I close Firefox?
Every time I close Firefox, after my browser window closes, Acrobat Reader pops up. Is there a way to stop this from happening. I already went into the "Add-Ons" and disabled it, but it continues to occur.
It doesn't :-) I was desperate, there is nowhere on the Internet giving the information on how to block pop-ups on just IE (not all of Microsoft) But thank you anyway. :-) FYI I installed IE 9 then deleted IE all together.
-
Can aperture 3.6 read from the photos app library?
when I try to select the photos library for aperture it is greyed out. I don't want to store two whole libraries on my computer.
No, Aperture cannot read a Photos Library.
I've no idea what the rest of your post means, sorry. -
Write to and read from TCP/IP address using Flash and Actionscript
Hi,
I'm a bit of a newbie with flash and Actionscript. I have been programming for a number of years now, but I have only been messing around with flash since CS4. I have CS5 now, and need a bit of help. I have a wireless device that I have made, I wish to make a flash program (potentially adapted to iPhone or Android) that sends and receives data (in the form of Word or Byte sized variables) from an IP address assigned to the device. Is this achievable?
Please help. Thank youbump
Please! anyone! HELP
Maybe you are looking for
-
My iphone 4 has no data storage. I have deleted all apps, music and texts and it still says I only have 1.9 GB available. There is nothing in my storage.
-
Some advice for a windows person who wants to switch :o
Hey, here's the deal. I work in a computer shop and I've been looking at Mac's more and more and I'm beginning to love them. I'm going to university soon and so I will be purchasing a laptop, and I am thinking about getting the new Macbook with an In
-
hi Co Guru... when i do GR with t code mb31 movement type..101.. showing the message.. mesage type; F5714.. ACCOUNTING TYPE M AND G/L ACCOUNT WITH OPEN ITEM MANAGEMENT NOT PERMITTED.... PROCEDURE... CHANGE THE MASTER DATA FOR
-
My quotation pipeline role missing on HANA
Hi everyone, Recently I've been trying to install the My Quotation Pipeline fiori application. I have already installed a HCO_HBA_A_QTPL_S 100 component on HANA XS using hdbalm: However, the sap.hba.apps.qtpl.s.roles::qtpl role it is missing, and I a
-
GPU Performance with Illustrator - New Notebook Specs
I'm looking at purchasing a new notebook for Illustrator use. The system requirements for Illustrator list only certain models of NVIDIA video adapters. The notebooks I'm looking at have the NVidia Optimus K1100M 2GB video adapter. I would like co